System Actions

System actions are actions that a user may wish to perform at runtime but that need to be authorized, or need to be restricted to users with a certain level of authority.

These actions might include, for example re-allocating work-items, skipping work-items, viewing another user’s work list, or administering resources.

This authorization is implemented by associating system actions with privileges within Organization Modeler. See Capabilities and Privileges for more details about privileges. See the BPM Concepts documentation for an introduction to system actions.

In Organization Modeler:

  • For the Organization Model, the System Actions tab of the Properties view lists all the system actions that are available, and any privileges with which each is associated.
  • For Organization Units, Positions and Groups, the System Actions tab of the Properties view lists the subset of system actions that are available for that class of entity, and any privileges with which each is associated.

In all these cases you can associate a system action with one or more privileges. As described in Capabilities and Privileges, privileges can have qualifiers which determine the level of the privilege. At run time, only users who hold the associated privilege with any required level of qualifier (or if more than one privilege is associated with a particular system action, users who hold all the associated privileges) are then allowed to carry out that system action.

Note: As well as possessing the correct privileges, users may need to belong to an appropriate user access set in order to perform a particular system action. See the TIBCO Workspace documentation for more information on user access sets.
Note: The Organization Admin system action allows the user to see organization models other than the one they are part of, and allows them to view process instances started by members of these organizations.

At runtime, BPM maintains a list of system actions and of privileges, as defined in the organization model, and thus determines whether a user is authorized to carry out a particular action.